Continuing Privacy Education Policy

Revised April 1, 2013

Overview

All CIPP (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT) and CIPM holders must meet two minimum requirements over the term of their certification in order to maintain credentialed status: (1) keep their IAPP membership (at any level) in good standing each year; and (2) fulfill 10 hours of continuing privacy education (CPE) per year during the term of their certification.

The intent of these requirements is to ensure that IAPP-certified professionals remain engaged in current and emerging issues in privacy and data protection and continue to involve themselves with the privacy profession through conferences, events and educational programs.

This CPE policy was developed by the IAPP in conjunction with its certification advisory boards. The various requirements of the policy have been reviewed and approved by the board of directors of the IAPP. The IAPP established the CPE program and policy and is solely responsible for reviewing, approving and issuing CPE credits. For any additional questions or needs relating to continuing privacy education, please contact the IAPP directly (see CPE Contact Information below).

 

Continuing Privacy Education

Definition

Continuing privacy education (CPE) is defined as any program, event, forum, book or other published written material, presentation, course of instruction or speaking engagement that relates specifically to information privacy, information security, information auditing, legal compliance or risk management, whether it is provided, published or hosted by the IAPP or other approved organizations.

Certification Status

An individual is considered an IAPP-certified professional (CIPP/US, CIPP/C, CIPP/E, CIPP/G CIPP/IT or CIPM) only in the event that the individual:

  • Is an IAPP member (at any level) in good standing;
  • Has completed and passed the appropriate certification examinations as required under the IAPP credentialing program of choice (Certification Foundation and CIPP/US, CIPP/C, CIPP/E, CIPP/G, CIPP/IT or CIPM); and,
  • Has satisfied a minimum number of 10 credit hours of CPE as required under the IAPP credentialing programs.
Certification Term  

The IAPP credential (CIPP/US, CIPP/C, CIPP/E, CIPP/G, CIPP/IT or CIPM) is considered “active” (valid) beginning on the date that the individual credential holder has successfully completed both the Certification Foundation and the certification examination for that credential. The credential term is one year from the first day of the month following the date the credential was earned and each anniversary thereof.

To maintain the credential(s) in good standing, the holder must:

  1. Meet the minimum requirement of 10 credit hours of CPE each term as well as keep IAPP membership in good standing each year. If the credential holder fails in either of these obligations, the credential will be considered suspended. Individuals with a suspended credential will be offered a grace period that begins on the day after the suspension and lasts for a term of 90 days following that date. During this grace period, the holder of the expired credential may:
    • Complete any credits in deficit in order to meet the minimum CPE requirement; and/or
    • Restore active IAPP membership status.
  2. Satisfy the CPE and membership obligations by the end of the 90-day grace period. Beyond this time, the credential is expired, and the individual may no longer represent the CIPP/US, CIPP/C, CIPP/E, CIPP/G, CIPP/IT or CIPM designation in person or on business cards in professional correspondence or other communications; furthermore, the IAPP Membership Directory will not represent the member as an IAPP credential holder.

Credentials expired for less than two years may be reinstated to active status by (a) maintaining or restoring active IAPP membership and (b) providing evidence of at least one unit of CPE for each month the credential has been expired. IAPP certification holders reinstated in this way must then bring CPE status into full compliance by the end of the certification term.

Reinstatement in this way is a one-time opportunity. Individuals who reinstate credentials and later fail to meet CPE requirements will have their credentials permanently revoked. Designations can then only be re-earned by examination.

Credentials expired for more than two years may not be restored to active status. Individuals must re-certify by (a) retaking and passing both the Certification Foundation and certification designation(s) (CIPP/US, CIPP/C, CIPP/E, CIPP/G, CIPP/IT and/or CIPM) exams and (b) maintain or restore active IAPP membership status.

Multiple Credentials

Individuals who hold more than one IAPP credential (CIPP/US, CIPP/C, CIPP/E, CIPP/G, CIPP/IT and/or CIPM) have only one CPE account and must satisfy the requirements listed above to maintain all credentials. That is, the CPE requirement is 10 credit hours per annual term from the date of the original certification regardless of the number of IAPP credentials an individual holds. Likewise, failure to meet the minimum annual requirements may lead to the suspension, expiration and/or revocation of all credentials.

Surplus CPE Credits

IAPP-certificants are obligated to satisfy a minimum of 10 credit hours of CPE each annual term. In the event that this level is exceeded, a surplus of up 10 credits may be carried forward from one annual term to the next.

Documentation

As of May 1, 2012, IAPP-certificants are no longer required to submit documentation for CPE activities; however, you must retain documentation in your own records in the event you are randomly selected for a CPE audit. You should retain these records for each year for three months after your anniversary date.

Audit

The IAPP will conduct periodic random audits of CPE accounts and request documentation for events and activities not automatically credited to a certificant’s account (those submitted by the certificant). Certificants randomly selected for an audit will be notified by e-mail. Audits may result in any of the following findings:

  1. Acceptable documentation and verification of CPE credit hours submitted.
  2. Unacceptable documentation and request for further documentation. Such further documentation must be received by the IAPP with 30 days of the request.
  3. CPE credit hours will be denied for either (a) unacceptable documentation or (b) failure to respond within the specified period, and the credit hours will be subtracted from the certificant’s CPE account. If the reduction in credit hours results in the certificant being deficient in CPE credit hours, the credential will be suspended and the certificant will have 90 days to bring the CPE account into good standing. Failure to do so will result in the expiration of the certificant’s IAPP credential(s).

If, in the course of an audit or by any other means, the IAPP determines that a certificant has submitted CPE credit hours for activities in which he or she did not participate, the certificant’s CIPP or CIPM credential(s) will be immediately and permanently revoked.

 

Eligible Programs for Continuing Privacy Education Credit

Note: CPE credit for all IAPP events and activities will be automatically awarded two weeks following the events or activities.

The following programs are eligible for CPE. IAPP-certificants are responsible for reviewing the requirements for award of credit for these programs.

IAPP EVENTS

IAPP CONFERENCES = up to 12 credit hours per event, per attendee, speaker or presenter
Includes the Global Privacy Summit, Privacy Academy, IAPP Canada Privacy Symposium, IAPP Europe Data Protection Congress, IAPP Europe Data Protection Intensive, Practical Privacy Series and Navigate.

CPE credits will be automatically credited to registered certificants two weeks after the event.

IAPP FORUMS = up to 4.0 credit hours per forum per attendee, speaker or presenter
Includes the KnowledgeNet series of local networking meetings

CPE credits will be automatically credited to certificants two weeks after the event for those who are confirmed attendees. In order to receive credits for IAPP forums, each IAPP-certified professional must sign the attendance sheet at the meeting.

IAPP LIVE AUDIO/VIDEO PROGRAMS = up to 3.0 credit hours per program per attendee, speaker or presenter
Includes IAPP web conferences

In order to automatically receive credits for a live IAPP audio/video program, each IAPP-certificant must register in advance for the program (exceptions apply only to speakers/presenters). For example, the IAPP will automatically award credits, two weeks after the event, to the single party named in the registration for the audio conference phone line used to deliver the IAPP program.

In the event that the audio conference phone line is used by multiple employees of the same organization (who also are IAPP-certified), each participating employee (other than the registered user) from that organization will need to complete and submit a CPE Submission Form, listing the name of the registered user, as soon after the audio conference as practicable.

IAPP CERTIFICATION TRAINING = up to 6 credit hours per program, per attendee
Includes both instructor-led and media-based training

Note: because CPE activities must be completed after initial certification, only existing CIPPs and CIPMs are eligible for CPE credit for certification training subsequent to earning an initial designation.

Eligible CPE credits will be automatically credited to registered certificants two weeks following the instructor-led or online training.

CPE for IAPP certification training is awarded based on the following schedule:

Training program

CPEs

U.S. Private Sector (CIPP/US)

6.0

Canadian (CIPP/C)

4.0

European (CIPP/E)

6.0

U.S. Government (CIPP/G)

6.0

Information Technology (CIPP/IT)

5.0

Information Privacy Manager (CIPM)

6.0

IAPP ACTIVITIES

IAPP BOARD OF DIRECTORS AND CERTIFICATION ADVISORY BOARD PARTICIPATION = 5.0 credit hours per term/year per member of board

ALL OTHER IAPP ADVISORY BOARD PARTICIPATION = 2.0 credit hours per term/year per member of advisory board.

CPE credits are awarded to individuals who serve as a member of an IAPP board for a length of one full term. Credits will be automatically awarded in December for service performed during that year. Active participation in board meetings is required to qualify for full credit. Eligible boards are the IAPP Board of Directors, Education Advisory Board, Certification Advisory Boards, Publications Advisory Board, Canadian Advisory Board, European Advisory Board and Privacy Tracker Advisory Board.

IAPP KNOWLEDGENET CHAIR = 2.0 credit hours per year per chairperson

CPE credits are awarded to individuals who serve as a chairperson for IAPP KnowledgeNet locations. Credits will automatically be awarded in December for service performed during that year.

OTHER IAPP-RELATED ACTIVITY

IAPP PRE-RECORDED AUDIO/VIDEO PROGRAMS = 1.5 credit hours per program
Includes archived IAPP audio conferences and web conferences

CPE credits will be automatically awarded to CIPP and CIPM holders who purchase and review an archived audio/video program within 24 hours of purchase. Only CIPP and CIPM holders who are confirmed purchasers of the pre-recorded program will be awarded CPE credits. Be sure to check the audio/video program description in advance to confirm CPE eligibility.

IAPP-SANCTIONED READING MATERIALS = 1.0 credit hours per 50 pages of text
Includes selections from the
IAPP Bibliography of Recommended Reading

CPE credits are awarded to CIPP and CIPM holders in recognition of reading efforts and self-study activities based on a formula where one CPE credit is awarded for every 50 pages of written text that is read by the applicant. For example, a 300-page book on data privacy laws is eligible for 6.0 CPE credits. To receive CPE credits, complete and submit the CPE Submission Form.

Please note that internal publications read as a function of job responsibilities are not eligible for CPE credits. The IAPP publishes a bibliography of approved reading material; publications not listed within this bibliography will also be considered after review of the CPE Submission Form.

IAPP-SPONSORED OR PARTNERED EVENTS = see the CPE Credit Guide for hours

CPE credits are awarded to CIPP and CIPM holders who attend events, forums and programs that are sponsored by the IAPP or in which the IAPP participates as an educational program provider. Only sessions that relate specifically to information privacy, information security, information auditing, legal compliance and/or risk management will be considered. No credits will be awarded for non-IAPP training programs or exams that support credentialing programs (e.g., seminars or exams for CISSP, SSCP, CISM, CISA, CPEHR, CPHIT and other certifications). To receive CPE credits, complete and submit the CPE Submission Form. No credits will be awarded for incomplete submissions.

NON-IAPP ACTIVITIES

APPROVED PRIVACY EVENTS NOT HOSTED OR SPONSORED BY THE IAPP = see the CPE Credit Guide for hours

CPE credits are awarded to CIPP and CIPM holders who attend approved events, forums and programs that are provided by other organizations and agencies (see Approved Privacy Training Providers and Activities). To be eligible for CPE credit, programs must be specifically related to information privacy, information security, information auditing, legal compliance and/or risk management. To receive CPE credit, complete and submit the CPE Submission Form.

OTHER PRIVACY EVENTS NOT HOSTED OR SPONSORED BY THE IAPP = see the CPE Credit Guide for hours

CPE credits may be awarded to CIPP and CIPM holders who attend approved events, forums and programs that are provided by other organizations and agencies. To be eligible for CPE credit, programs must be specifically related to information privacy, information security, information auditing, legal compliance and/or risk management. To ensure an event or activity is acceptable for CPE credit, certificants should submit a CPE Pre-Approval Form well in advance of the event. Failure to secure pre-approval of an activity may result in denial of CPE credit.

Internal organization privacy training received from an employer may be eligible for CPE credit if it is general privacy training (as opposed to training on organization-specific policies). Certificants interested in receiving CPEs for internal training should complete the Internal Privacy Training Review Request and all supporting documentation at least 30 days prior to the training. The IAPP will determine eligibility and respond within 10 business days of the request submission.

ACADEMIC CLASSES = 3 CPEs per semester hour to a maximum of 12

CPE credits are awarded to CIPP and CIPM holders who successfully complete academic courses with a minimum C (or equivalent) grade. In order to earn credits for academic coursework, each IAPP-certified professional must complete and submit the CPE Submission Form. In the event of a CPE audit, the certificant must provide an official copy of the transcript issue by the academic institution.

PUBLISHED MATERIALS = see the CPE Credit Guide for hours

CPE credits are awarded to CIPP and CIPM holders who produce publicly accessible writing that relates topically to information privacy, information security, information auditing, legal compliance and/or risk management issues. The published materials should be research-based and reflect privacy knowledge or the dissemination of privacy knowledge. Eligible examples include white papers, articles, newsletters and blogs. In order to earn credits for these efforts, each IAPP-certified professional must complete and submit the CPE Submission Form. In the event of a CPE audit, the certificant must provide access to the published materials. Materials published for purposes internal to a certificant’s organization are not eligible for CPE credit.

SPEAKING ENGAGEMENTS = see the CPE Credit Guide for hours

CPE credits are awarded to CIPP and CIPM holders who speak before an audience or present a program provided that such an appearance/presentation/course relates specifically to information privacy, information security, information auditing, legal compliance and/or risk management:

  • The IAPP will award CPE on a double credit-per-hour basis (2x time served) for speaking or presenting a program to an audience. For example, the presenter of a one-hour session on conducting a privacy audit will be awarded 2.0 CPE credits.
  • In order to earn credits for these efforts, each IAPP-certified professional must complete and submit the CPE Submission Form and retain one or more of the following forms of documentation in the event of an audit: the program agenda, speaker profile and/or panel description.

Internal organization privacy training delivered to employees may be eligible for CPE credit if it is general privacy training (as opposed to training on organization-specific policies). CIPPs interested in receiving CPEs for presenting internal training should complete the Internal Privacy Training Review Request and all supporting documentation at least 30 days prior to the training. The IAPP will determine eligibility and respond within 10 business days of the request submission.

TEACHING = see the CPE Credit Guide for hours

CPE credits are awarded to CIPP and CIPM holders who teach a course of instruction provided that such an appearance/presentation/course relates specifically to information privacy, information security, information auditing, legal compliance and/or risk management:

  • The IAPP will award CPE on a triple credit-per-hour basis (3x time served) for teaching a course of instruction. For example, the instructor of a six-hour course on national data protection laws in the European Union will earn 18 CPE credits.
  • In order to earn credits for these efforts, each IAPP-certified professional must complete the CPE Submission Form and retain a copy of the course syllabus/outline in the event of an audit.

 

Certification Appeals

In the event of a dispute regarding certification status, CPE status or CPE credit value, concerned credential holders may address their complaint in writing directly to the IAPP Certification Director. The IAPP will evaluate the appeal and respond in writing within 15 business days of receipt of such a claim with a remedy or recommendation.

In the event the dispute remains unresolved after the response by the IAPP, credential holders also may seek arbitration through the IAPP Certification Challenge Board, which is comprised of senior privacy executives, independent of IAPP staff, who are intimately familiar with the IAPP certification curriculum as well as its certification training, testing and continuing education requirements. Persons with such a certification dispute must request in writing that the IAPP Certification staff submit the dispute to the Certification Challenge Board. The submission will be forwarded to members of the Certification Challenge Board and a response issued within 30 business days of receipt.

 

CPE Contact Information

Continuing Privacy Education Programs
IAPP
Pease International Tradeport
75 Rochester Ave., Suite 4
Portsmouth, NH 03801 USA
+1 603.427.9200
cpe@privacyassociation.org

 

CPE Credit Guide

Activity

Participant

Max

Speaker/Presenter/Teacher/Author

Max

IAPP-sponsored or partnered events 

1 CPE credit hour per hour of privacy-related sessions attended

12/event

2 CPE credit hours per hour of privacy-related speaking/presenting

19/event

Privacy events not hosted or sponsored by the IAPP 

1 CPE credit hour per hour of privacy-related sessions attended

12/event

2 CPE credit hours per hour of privacy-related speaking/presenting

12/event

Reading 

1 CPE credit hour per 50 pages of privacy-related reading

10/year

 

 

Audiobooks, podcasts or web conferences 

1 CPE credit hour per hour of privacy-related listening

10/year

 

 

Academic coursework 

3 CPEs per semester hour

12/class

 

 

Teaching

 

 

3 CPE credit hours per hour of teaching

20/year

Speaking engagements

 

 

2 CPE credit hours per hour of speaking or presenting

12/event

Published materials

 

 

1 CPE credit hour per 5,000 (+/-) words of published text

20/year

 

Back to top